Australia doesn't have online voting for federal elections and we should keep it that way

As we head towards the federal election, you may be wondering why we can’t skip the polling booth queues and vote online instead.

The reason is the difficulty of verifying that each person’s vote is accurately recorded and tallied. As yet, there is no safe way to ensure this over the internet.

But there are ways technology can improve the election - if we are careful. Recent legislative changes will help make this year’s electronic Senate count more secure and transparent.

House of Representatives voting

Think for a minute about how Australian election results earn public trust. House of Representatives ballots are cast on paper, voters put their own ballot into a ballot box, they are then manually counted and scrutineers are entitled to watch every aspect of the process.

Except for some requirements to trust the postal service (for postal votes) and a phone-based remote voting service (for the small minority unable to vote by post) the entire process can be independently verified.

We don’t know how to replicate this transparent, verifiable process in a paperless way over the internet.

What’s the problem with online voting?

Australia has no secure or universal way of verifying a citizen’s identity online, so online voting incurs a risk of allowing ineligible people to vote, perhaps a very large number of times.

Another key problem is enabling voters to verify the electronic vote they sent is the one they wanted.

Unlike a postal ballot paper, an electronic vote cannot be directly verified. Malware, or a bug, on the voting device might change the vote without the voter’s knowledge.

Read more: As the election campaign begins, what do the polls say, and can we trust them this time?^[1]

Some countries have tried to address this, but issues remain.

In Estonia, voters can use an independent device to redo the vote encryption and check it matches what they asked for. This method has some good security properties, but introduces problems^[2] around coercion and vote-buying.

In Switzerland, voters receive a code sheet in the mail and use the codes to check their vote was properly received. In 2019 colleagues and I^[3] discovered some subtle flaws in this process, and in the later stages of the SwissPost verification process. These could allow a malicious attacker to alter votes while making it appear that verification had passed.

Online voting in Australia

New South Wales used an online voting option called iVote^[4] for its local government elections in 2021.

Although originally justified as a necessity for special classes of voters, by 2021 iVote eligibility had expanded to include anyone who said they would be outside their local government area on election day. More than 600,000 votes, including one third of votes for the Sydney City Council, were received over this system.

The system suffered outages under this load - the NSW Electoral Commission estimated^[5] 10,000 or more people couldn’t cast a vote. This estimate is probably conservative, but nobody knows for sure how many people were disenfranchised. The NSW Supreme Court determined in February^[6] that three council election outcomes should be voided and re-run.

Analysis by mathematical scientist Dr Andrew Conway and myself shows^[7] for 36 additional councils, the number of people acknowledged by the NSW Electoral Commission to have been excluded was enough to have possibly changed the outcome.

The systems used for local elections elsewhere in Australia may be even worse. The ACT allowed some overseas voters to vote online in the 2021 election for the ACT Assembly. A February 2022 report^[8] on that system by Australian National University computing lecturer Thomas Haines found it didn’t use end-to-end encryption to protect the privacy of the votes and didn’t use any sound cryptographic method to protect them from being modified when they passed through an internet-facing server. Nor does it appear to have any method of allowing voters to verify their votes are cast as they intended.

This is why it’s a good thing internet voting isn’t permitted for federal elections in Australia. And it’s important to remember it’s the verification issues, more than reliability failures, that are the problem.

Senate vote counting

Senate ballots are cast on paper and then scanned and digitised in a hybrid human and automated process. First preference votes for the Senate are manually tallied. But the rest of the Senate count is conducted electronically.

The electronic preferences are published online, so the counting step can be independently checked using any open source Senate counting software^[9].

The hard part is ensuring the published preferences are accurate representations of the ballot. Until recently, there was no careful way to assess this. If a software error or security problem caused a divergence between the paper ballots and the scanned images, or between the scanned images and the final preferences, it might not have been detectable even by the Australian Electoral Commission, let alone scrutineers.

New laws^[10], which passed parliament in December 2021, represent a tremendous improvement. They mandate a statistical audit of the ballot papers to verify they’re accurately reflected in the digital preferences.

Read more: #SetTheAgenda: What The Conversation's readers want politicians to address this federal election^[11]

By law, the electoral commission must publish their audit methodology in advance, which should be soon. We need to see a clear, rigorous procedure for randomly choosing ballot papers and comparing them to their digitised preferences, in the presence of scrutineers. Observers also need to be able to check the pencil marks on the ballot paper have been accurately digitised.

This will provide a complete evidence trail all the way from the ballot papers to the election outcome.

Earning and maintaining public trust

We don’t know how to run trustworthy elections over the internet, but we can use technology to improve some electoral processes, without sacrificing the public evidence trail that is absolutely central to earning public trust in the results.

It is tempting but wrong to emphasise secrecy rather than transparency, to hide problems rather than exposing them to public scrutiny. The new Senate bill bucks this trend.

Auditing the Senate ballot papers is hard work and it’s not fashionable or convenient, but it will make a huge difference to the security of Australian elections.

References

1. ^{^} As the election campaign begins, what do the polls say, and can we trust them this time? (theconversation.com)
2. ^{^} introduces problems (eprint.iacr.org)
3. ^{^} colleagues and I (ieeexplore.ieee.org)
4. ^{^} iVote (www.elections.nsw.gov.au)
5. ^{^} estimated (www.elections.nsw.gov.au)
6. ^{^} determined in February (www.caselaw.nsw.gov.au)
7. ^{^} shows (github.com)
8. ^{^} February 2022 report (gitlab.anu.edu.au)
9. ^{^} open source Senate counting software (github.com)
10. ^{^} laws (www.aph.gov.au)
11. ^{^} #SetTheAgenda: What The Conversation's readers want politicians to address this federal election (theconversation.com)